Internet Explorer running in background



tanwilliams
2011-11-23, 17:00
Hiya, I hope I am posting in the right place.

I recently managed to get a virus which deleted my virus protection (McAfee), deleted my icons and seemed to do something with the hard drive. I did a system restore and things seemed to go back to normal (all my icons were back, McAfee was back). However, now my computer is running really slowly, and when I load Task Manager, Internet Explorer is running, using up a huge amount of power; this happens even when I'm not using IE.

Thank you in advance!

I couldn't run ERUNT because it just said the network was blocked.
I have done the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Tanith at 14:32:06 on 2011-11-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2023 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell Support Center\imstrayicon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [Google Update] "C:\Users\Tanith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Tanith\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{77FCBF1A-3BE4-4D96-9544-182ABCE6C2FA} : DhcpNameServer = 10.0.0.1 10.0.0.2 10.0.0.5
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\37C61646562627F6F6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\57E62656C69656671626C65602A6566666021212121212121212121212 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\6796379647F627E65647 : DhcpNameServer = 172.19.0.67 172.19.0.73
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\C496675626F687D224232383 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tanith\AppData\Roaming\Mozilla\Firefox\Profiles\987vu9s4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tanith\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 2152152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-6 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-6 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-2 705856]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17152]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-23 1153368]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-23 13:52:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-23 13:52:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-23 13:12:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{DBC01FED-2B40-4434-8CD6-2859D48F023A}
2011-11-23 13:12:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{BFB2635E-0D37-473C-BB6E-27DFADF3F620}
2011-11-19 22:28:48 -------- d-----w- C:\Users\Tanith\AppData\Local\{9FB1F30F-7A5A-4D2C-A386-4912FBB42F23}
2011-11-19 22:28:09 -------- d-----w- C:\Users\Tanith\AppData\Local\{EA4D5175-B904-4FE7-8B0C-23BA09B63561}
2011-11-19 22:25:07 -------- d-----w- C:\Users\Tanith\AppData\Local\{0912ADC1-D1CE-4633-9B51-A2EDF9942229}
2011-11-19 03:01:03 -------- d-----w- C:\Users\Tanith\AppData\Local\{AD2503F0-DDFB-48B8-AB85-63465EB4677D}
2011-11-18 14:47:34 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-18 14:47:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-18 14:47:31 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-18 14:47:24 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 14:39:20 -------- d-----w- C:\Users\Tanith\AppData\Local\{B1A15B3F-0440-4B11-899F-FDE3DE89D843}
2011-11-18 14:38:43 -------- d-----w- C:\Users\Tanith\AppData\Local\{2EC0F061-FA0F-4BFC-A16A-0D4107531793}
2011-11-18 13:41:06 -------- d-----w- C:\ProgramData\PrevxCSI
2011-11-18 12:44:11 -------- d-----w- C:\Users\Tanith\AppData\Local\{E2D4F302-19D0-45A8-B879-3629C3D81305}
2011-11-18 12:43:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{5E071281-44EA-4ACF-B793-F40BFA46ADE6}
2011-11-17 10:30:39 -------- d-----w- C:\Users\Tanith\AppData\Roaming\Malwarebytes
2011-11-17 10:30:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 10:30:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 09:56:51 -------- d-----w- C:\Users\Tanith\AppData\Local\{BE910464-35AD-4C81-AA60-E7AA1567B35B}
2011-11-17 09:56:28 -------- d-----w- C:\Users\Tanith\AppData\Local\{5D284CA4-BC4F-4B71-8D92-A02586BC5D23}
2011-11-16 11:57:14 -------- d-----w- C:\Users\Tanith\AppData\Local\{33D92708-4B97-41C9-BB64-2D245C70F244}
2011-11-16 11:56:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{F07597DF-4592-444C-931C-D1676DA74ACA}
2011-11-15 03:23:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{0D0009C4-D6CA-4FCC-8B75-AD2DAF50672C}
2011-11-15 03:23:34 -------- d-----w- C:\Users\Tanith\AppData\Local\{4EECE56F-7387-47F0-B1A8-59D5E507AF17}
2011-11-14 12:02:58 -------- d-----w- C:\Users\Tanith\AppData\Local\{1A45BFC3-91E0-414E-9222-67F3857626A4}
2011-11-14 12:02:42 -------- d-----w- C:\Users\Tanith\AppData\Local\{A740FED3-4B25-4A6A-9BFE-83A8C3EA5298}
2011-11-14 11:43:33 -------- d-----w- C:\Users\Tanith\AppData\Local\{DFE21E41-4E81-4AFC-A908-D23D463C1913}
2011-11-12 17:38:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{18D19A18-62FB-43E0-ADE7-A62AE91856A7}
2011-11-12 12:21:24 -------- d-----w- C:\Users\Tanith\AppData\Local\{C8CC5C48-D4CC-4F8D-ADCF-6CF3497E93B3}
2011-11-12 12:20:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{C23CAE0B-87B2-4F61-A328-A1F7D9A6ACF8}
2011-11-11 10:46:02 -------- d-----w- C:\Users\Tanith\AppData\Local\{97C8D1E7-B66C-4F82-814C-3C6F94CE3B98}
2011-11-10 11:23:21 -------- d-----w- C:\Users\Tanith\AppData\Local\{9277D914-3828-4853-9F08-3CA675557268}
2011-11-10 11:22:56 -------- d-----w- C:\Users\Tanith\AppData\Local\{9AEF334F-92E4-414C-A89D-5E01375BC65D}
2011-11-09 23:18:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{A4DD0C41-8E81-4F47-8628-120373E35463}
2011-11-09 11:17:52 -------- d-----w- C:\Users\Tanith\AppData\Local\{63393B40-84DF-4F24-A206-BB5B7F02669F}
2011-11-08 11:22:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8B5E1CDC-AE87-4C74-B813-3FCA799FE02B}
2011-11-08 11:21:47 -------- d-----w- C:\Users\Tanith\AppData\Local\{2B1B5D26-A8E0-4DD7-98C5-048FF22B47AD}
2011-11-07 11:23:12 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-11-07 11:22:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{1F7F710F-DCDF-45E7-972D-E98904248B13}
2011-11-07 11:21:53 -------- d-----w- C:\Users\Tanith\AppData\Local\{839D1A7D-C6DC-42FB-A45C-D16A886691DB}
2011-11-06 18:02:46 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-11-06 18:02:39 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-11-06 18:02:38 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-11-06 18:02:06 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-11-06 18:01:52 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-11-06 18:01:47 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-11-06 18:01:04 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-11-06 18:01:04 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-11-06 18:01:04 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-11-06 18:01:04 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-11-06 18:01:04 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\McAfee.com
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-11-06 18:00:53 -------- d-----w- C:\Program Files\McAfee
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iTunes
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iPod
2011-11-06 17:32:54 -------- d-----w- C:\Program Files\Bonjour
2011-11-06 17:32:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-06 17:32:34 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-06 17:31:13 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-11-06 17:31:13 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-11-06 17:31:13 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-11-06 17:31:11 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-11-06 17:30:43 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-06 17:30:43 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-06 17:30:43 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-06 17:30:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-06 17:18:32 -------- d-----w- C:\Users\Tanith\AppData\Local\{73F0A4AB-86E8-40BA-BA09-09810BE12428}
2011-11-06 17:17:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8E1B952E-A161-4BBF-B090-0A4D2397E657}
2011-11-02 14:36:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{D9BB5074-4F05-439F-A9E6-9D2D62932828}
.
==================== Find3M ====================
.
2011-11-06 18:21:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 14:41:09.39 ===============
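A defender-side triage for the symptom described in the post above (iexplore.exe busy while no browser window is open), written as an added example that is not from the thread or from the DDS tool. It assumes Windows PowerShell 2.0 or later on a Windows 7 machine, run from an elevated prompt so every process's path and command line can be read.

```powershell
# Added example, not from the thread: list every iexplore.exe together with the
# details a responder checks when a browser is consuming CPU with no window open.
# Assumes Windows PowerShell 2.0+ and an elevated prompt (hypothetical setup).

$wmi   = Get-WmiObject -Class Win32_Process
$byPid = @{}
foreach ($w in $wmi) { $byPid[[int]$w.ProcessId] = $w }

# The directories the genuine 32-bit and 64-bit IE images are installed in.
$expectedDirs = @(
    "$env:ProgramFiles\Internet Explorer",
    "${env:ProgramFiles(x86)}\Internet Explorer"
)

$report = @()
foreach ($proc in (Get-Process -Name iexplore -ErrorAction SilentlyContinue)) {
    $w = $byPid[[int]$proc.Id]
    if (-not $w) { continue }                       # exited between the two snapshots
    $parent     = $byPid[[int]$w.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }

    $flags = @()
    # IE 8+ runs one frame process plus tab processes whose parent is the frame;
    # tab processes never own a main window, so only a windowless frame process
    # (one whose parent is not another iexplore.exe) is unusual.
    if ($proc.MainWindowHandle -eq 0 -and $parentName -ne 'iexplore.exe') {
        $flags += 'no visible window'
    }
    # The user's shell (explorer.exe) or another IE instance is the normal launcher;
    # a script host or an unknown binary as parent deserves a closer look.
    if (@('explorer.exe', 'iexplore.exe', '<exited>') -notcontains $parentName) {
        $flags += "launched by $parentName"
    }
    # The image should live in one of the IE install directories (comparison is
    # case-insensitive, as PowerShell string operators are by default).
    if ($w.ExecutablePath -and
        ($expectedDirs -notcontains (Split-Path -Path $w.ExecutablePath -Parent))) {
        $flags += 'unexpected image path'
    }

    $report += New-Object PSObject -Property @{
        ProcessId   = $proc.Id
        Path        = $w.ExecutablePath
        CommandLine = $w.CommandLine
        ParentPID   = $w.ParentProcessId
        ParentName  = $parentName
        CpuSeconds  = [math]::Round($proc.CPU, 1)
        Flags       = ($flags -join '; ')
    }
}

$report | Format-Table ProcessId, ParentName, CpuSeconds, Flags, Path -AutoSize
```

A hit on any flag is a reason to capture the command line and parent chain before cleaning, not proof of infection; an automated IE instance started by a legitimate tool looks the same.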

Blade81
2011-11-23, 17:31
Hi,

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it
Click the Scan button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply.

tanwilliams
2011-11-23, 18:59
Hiya,

Have done the scan; results are attached.

Blade81
2011-11-23, 20:08
Hi

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New DDS log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

tanwilliams
2011-11-24, 02:49
Here is my DDS, and I will attach the ComboFix and attach.txt.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Tanith at 0:33:31 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2062 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [Facebook Update] "C:\Users\Tanith\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{77FCBF1A-3BE4-4D96-9544-182ABCE6C2FA} : DhcpNameServer = 10.0.0.1 10.0.0.2 10.0.0.5
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\37C61646562627F6F6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\57E62656C69656671626C65602A6566666021212121212121212121212 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\6796379647F627E65647 : DhcpNameServer = 172.19.0.67 172.19.0.73
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\C496675626F687D224232383 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tanith\AppData\Roaming\Mozilla\Firefox\Profiles\987vu9s4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 2152152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-6 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-6 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-23 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-2 705856]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17152]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-24 00:00:48 -------- d-----w- C:\$RECYCLE.BIN
2011-11-23 23:08:09 98816 ----a-w- C:\Windows\sed.exe
2011-11-23 23:08:09 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-23 23:08:09 256000 ----a-w- C:\Windows\PEV.exe
2011-11-23 23:08:09 208896 ----a-w- C:\Windows\MBR.exe
2011-11-23 23:06:58 -------- d-----w- C:\ComboFix
2011-11-23 13:52:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-23 13:52:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-23 13:12:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{DBC01FED-2B40-4434-8CD6-2859D48F023A}
2011-11-23 13:12:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{BFB2635E-0D37-473C-BB6E-27DFADF3F620}
2011-11-19 22:28:48 -------- d-----w- C:\Users\Tanith\AppData\Local\{9FB1F30F-7A5A-4D2C-A386-4912FBB42F23}
2011-11-19 22:28:09 -------- d-----w- C:\Users\Tanith\AppData\Local\{EA4D5175-B904-4FE7-8B0C-23BA09B63561}
2011-11-19 22:25:07 -------- d-----w- C:\Users\Tanith\AppData\Local\{0912ADC1-D1CE-4633-9B51-A2EDF9942229}
2011-11-19 03:01:03 -------- d-----w- C:\Users\Tanith\AppData\Local\{AD2503F0-DDFB-48B8-AB85-63465EB4677D}
2011-11-18 14:47:34 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-18 14:47:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-18 14:47:31 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-18 14:47:24 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 14:39:20 -------- d-----w- C:\Users\Tanith\AppData\Local\{B1A15B3F-0440-4B11-899F-FDE3DE89D843}
2011-11-18 14:38:43 -------- d-----w- C:\Users\Tanith\AppData\Local\{2EC0F061-FA0F-4BFC-A16A-0D4107531793}
2011-11-18 13:41:06 -------- d-----w- C:\ProgramData\PrevxCSI
2011-11-18 12:44:11 -------- d-----w- C:\Users\Tanith\AppData\Local\{E2D4F302-19D0-45A8-B879-3629C3D81305}
2011-11-18 12:43:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{5E071281-44EA-4ACF-B793-F40BFA46ADE6}
2011-11-17 10:30:39 -------- d-----w- C:\Users\Tanith\AppData\Roaming\Malwarebytes
2011-11-17 10:30:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 10:30:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 09:56:51 -------- d-----w- C:\Users\Tanith\AppData\Local\{BE910464-35AD-4C81-AA60-E7AA1567B35B}
2011-11-17 09:56:28 -------- d-----w- C:\Users\Tanith\AppData\Local\{5D284CA4-BC4F-4B71-8D92-A02586BC5D23}
2011-11-16 11:57:14 -------- d-----w- C:\Users\Tanith\AppData\Local\{33D92708-4B97-41C9-BB64-2D245C70F244}
2011-11-16 11:56:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{F07597DF-4592-444C-931C-D1676DA74ACA}
2011-11-15 03:23:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{0D0009C4-D6CA-4FCC-8B75-AD2DAF50672C}
2011-11-15 03:23:34 -------- d-----w- C:\Users\Tanith\AppData\Local\{4EECE56F-7387-47F0-B1A8-59D5E507AF17}
2011-11-14 12:02:58 -------- d-----w- C:\Users\Tanith\AppData\Local\{1A45BFC3-91E0-414E-9222-67F3857626A4}
2011-11-14 12:02:42 -------- d-----w- C:\Users\Tanith\AppData\Local\{A740FED3-4B25-4A6A-9BFE-83A8C3EA5298}
2011-11-14 11:43:33 -------- d-----w- C:\Users\Tanith\AppData\Local\{DFE21E41-4E81-4AFC-A908-D23D463C1913}
2011-11-12 17:38:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{18D19A18-62FB-43E0-ADE7-A62AE91856A7}
2011-11-12 12:21:24 -------- d-----w- C:\Users\Tanith\AppData\Local\{C8CC5C48-D4CC-4F8D-ADCF-6CF3497E93B3}
2011-11-12 12:20:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{C23CAE0B-87B2-4F61-A328-A1F7D9A6ACF8}
2011-11-11 10:46:02 -------- d-----w- C:\Users\Tanith\AppData\Local\{97C8D1E7-B66C-4F82-814C-3C6F94CE3B98}
2011-11-10 11:23:21 -------- d-----w- C:\Users\Tanith\AppData\Local\{9277D914-3828-4853-9F08-3CA675557268}
2011-11-10 11:22:56 -------- d-----w- C:\Users\Tanith\AppData\Local\{9AEF334F-92E4-414C-A89D-5E01375BC65D}
2011-11-09 23:18:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{A4DD0C41-8E81-4F47-8628-120373E35463}
2011-11-09 11:17:52 -------- d-----w- C:\Users\Tanith\AppData\Local\{63393B40-84DF-4F24-A206-BB5B7F02669F}
2011-11-08 11:22:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8B5E1CDC-AE87-4C74-B813-3FCA799FE02B}
2011-11-08 11:21:47 -------- d-----w- C:\Users\Tanith\AppData\Local\{2B1B5D26-A8E0-4DD7-98C5-048FF22B47AD}
2011-11-07 11:23:12 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-11-07 11:22:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{1F7F710F-DCDF-45E7-972D-E98904248B13}
2011-11-07 11:21:53 -------- d-----w- C:\Users\Tanith\AppData\Local\{839D1A7D-C6DC-42FB-A45C-D16A886691DB}
2011-11-06 18:02:46 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-11-06 18:02:39 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-11-06 18:02:38 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-11-06 18:02:06 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-11-06 18:01:52 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-11-06 18:01:47 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-11-06 18:01:04 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-11-06 18:01:04 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-11-06 18:01:04 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-11-06 18:01:04 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-11-06 18:01:04 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\McAfee.com
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-11-06 18:00:53 -------- d-----w- C:\Program Files\McAfee
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iTunes
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iPod
2011-11-06 17:32:54 -------- d-----w- C:\Program Files\Bonjour
2011-11-06 17:32:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-06 17:32:34 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-06 17:31:13 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-11-06 17:31:13 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-11-06 17:31:13 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-11-06 17:31:11 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-11-06 17:30:43 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-06 17:30:43 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-06 17:30:43 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-06 17:30:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-06 17:18:32 -------- d-----w- C:\Users\Tanith\AppData\Local\{73F0A4AB-86E8-40BA-BA09-09810BE12428}
2011-11-06 17:17:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8E1B952E-A161-4BBF-B090-0A4D2397E657}
2011-11-02 14:36:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{D9BB5074-4F05-439F-A9E6-9D2D62932828}
.
==================== Find3M ====================
.
2011-11-06 18:21:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 0:42:39.56 ============
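The DDS log above is the raw material a helper reads by hand: the running-process list (two copies of iexplore.exe, plus cmd.exe and cscript.exe), the "Pseudo HJT Report" with its "- No File" entries and a RunOnce value that launches through cmd.exe. The script below is an added example, not part of this thread and not code from the DDS tool; it splits a DDS log into its "=== name ===" sections and pulls those items out so the same checks can be run on any dds.txt. The sample input is a constructed excerpt of a few lines copied from the log above (the AVG query string is shortened); the set of script hosts it watches for and the function names are this example's own choices.

```python
"""Triage a DDS log of the kind posted above.

Added example, not part of the original thread and not code from the DDS
tool: it splits the log into its '=== name ===' sections, then pulls out the
things a helper reads first: how many copies of the browser are running,
which shells or script hosts are in the process list, autostart entries whose
file is gone ('- No File'), and Run/RunOnce entries that go through cmd.exe.
"""
import re
from collections import Counter

# Constructed excerpt: a few lines copied from the DDS log in this thread
# (the AVG query string is shortened). A real run would read the whole dds.txt.
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
C:\\Windows\\system32\\SearchIndexer.exe
C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
C:\\Windows\\SysWOW64\\cmd.exe
C:\\Windows\\SysWOW64\\cscript.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [mcui_exe] "C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe" /runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=...
.
================= FIREFOX ===================
.
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_KEY_RE = re.compile(r"^[um]Run(Once)?(-x64)?$")
# Shells and script hosts: not malicious by themselves, but worth explaining
# when they are running on a machine nobody is typing commands on.
SCRIPT_HOSTS = {"cmd.exe", "cscript.exe", "wscript.exe", "powershell.exe",
                "regsvr32.exe", "rundll32.exe", "mshta.exe"}


def parse_sections(text):
    """Map each '=== name ===' section to its non-empty lines (DDS pads sections with '.')."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def process_counts(proc_lines):
    """Count running images by lower-cased basename; svchost's '-k group' is dropped."""
    counts = Counter()
    for line in proc_lines:
        image = line.split(" -k ")[0].strip()
        counts[image.rsplit("\\", 1)[-1].lower()] += 1
    return counts


def orphaned_entries(hjt_lines):
    """BHO/toolbar/hook entries whose target file no longer exists."""
    return [l for l in hjt_lines if l.endswith("- No File")]


def shell_launch_entries(hjt_lines):
    """Run/RunOnce values that start through cmd.exe; read them, they are not automatically bad."""
    found = []
    for l in hjt_lines:
        key, _, value = l.partition(": ")
        if RUN_KEY_RE.match(key) and re.search(r"\bcmd\.exe\b", value, re.IGNORECASE):
            found.append(l)
    return found


def triage(text, browser="iexplore.exe"):
    """Summarise one DDS log. IE9 runs a frame process plus one per tab, so two
    entries for one open window is normal; copies with no window open are what
    the original poster is describing."""
    sections = parse_sections(text)
    counts = process_counts(sections.get("Running Processes", []))
    hjt = sections.get("Pseudo HJT Report", [])
    return {
        "browser_instances": counts[browser],
        "script_hosts": sorted(n for n in counts if n in SCRIPT_HOSTS),
        "orphaned": orphaned_entries(hjt),
        "shell_launch": shell_launch_entries(hjt),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_DDS), indent=2))
```

Run it against a full dds.txt by passing the file's contents to `triage()`; the "- No File" entries are the orphaned toolbar GUIDs a helper would normally have the user remove, and the RunOnce line is the AVG uninstall-feedback launcher seen in the log above, listed so the reader checks it rather than assuming it is malicious.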

Blade81
2011-11-24, 07:35
Hi,

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

tanwilliams
2011-11-24, 12:52
Hi,

Not sure if I did that right as it only took about 3 seconds:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-24 10:49:50
-----------------------------
10:49:50.252 OS Version: Windows x64 6.1.7601 Service Pack 1
10:49:50.252 Number of processors: 2 586 0x170A
10:49:50.253 ComputerName: TANITH-PC UserName: Tanith
10:49:52.202 Initialize success
10:50:22.209 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:50:22.211 Disk 0 Vendor: WDC_WD5000BEVT-75ZAT0 01.01A01 Size: 476940MB BusType: 11
10:50:24.219 Disk 0 MBR read successfully
10:50:24.221 Disk 0 MBR scan
10:50:24.223 Disk 0 Windows VISTA default MBR code
10:50:24.226 Disk 0 MBR hidden
10:50:24.229 Service scanning
10:50:29.304 Modules scanning
10:50:29.307 Disk 0 trace - called modules:
10:50:29.340 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004ca3334]<<
10:50:29.344 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c83410]
10:50:29.347 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046de060]
10:50:29.352 \Driver\atapi[0xfffffa800467c450] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004ca3334
10:50:29.355 Scan finished successfully
10:51:52.703 Disk 0 MBR has been saved successfully to "C:\Users\Tanith\Desktop\MBR.dat"
10:51:52.712 The log file has been saved successfully to "C:\Users\Tanith\Desktop\aswMBR2.txt"

Blade81
2011-11-24, 18:08
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

tanwilliams
2011-11-24, 18:14
I have already done ComboFix, as seen earlier? You would like me to do it again?

Sorry if I'm being silly... Just wanted to check.

Blade81
2011-11-24, 18:19
Sorry if I'm being silly... Just wanted to check.
No. It's me being silly. Totally forgot we ran ComboFix already :oops:


1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in the desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select Skip and click Continue (the tool may prompt for a reboot).
4. Post back the contents of the log file in the C: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).

tanwilliams
2011-11-24, 18:26
Didn't find a thing, I'm afraid!

tanwilliams
2011-11-24, 18:35
Here is the log (I think).

Blade81
2011-11-24, 18:46
Hi,

Go to Start > type or copy/paste the following into the "Search programs and files" textbox, then press Enter:

diskmgmt.msc

Capture and attach a screenshot of what you see there.

---

Please download MBRCheck.exe (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe) to your desktop.

Be sure to disable your security programs.
Double-click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
A window will open on your desktop.
If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
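Both aswMBR (which saved the boot sector to C:\Users\Tanith\Desktop\MBR.dat in the post above) and MBRCheck work from the same 512 bytes: boot code, a four-entry partition table and the 0x55AA signature. The decoder below is an added example, not part of this thread and not aswMBR or MBRCheck code; it shows what those tools summarise so a reader can inspect a saved MBR image offline. It assumes 512-byte sectors and takes the disk size from the aswMBR log (476940 MB); the sample image it builds when no file is given is constructed, and the function names are this example's own.

```python
"""Decode a raw 512-byte MBR image such as the MBR.dat that aswMBR saved above.

Added example, not part of the original thread and not aswMBR or MBRCheck
code. It checks the 0x55AA signature, decodes the four partition-table
entries, applies the sanity checks a rootkit hunter cares about (exactly one
active partition, no overlapping entries, nothing past the end of the disk)
and hashes the 446-byte boot code so it can be compared with the hash of an
MBR taken from a known-clean machine of the same Windows version.
"""
import hashlib
import struct
import sys
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 446          # bytes 0..445 are code; 446..509 the table; 510..511 the signature
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xAA"
# Disk size from the aswMBR log above: 476940 MB at 512-byte sectors (assumed).
DISK_SECTORS_FROM_LOG = 476940 * 2048

PARTITION_TYPES = {0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
                   0x0F: "extended LBA", 0x27: "Windows recovery", 0x82: "Linux swap",
                   0x83: "Linux", 0xDE: "Dell utility", 0xEE: "GPT protective"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def type_name(self):
        return PARTITION_TYPES.get(self.type_id, "unknown 0x%02X" % self.type_id)

    @property
    def lba_end(self):
        return self.lba_start + self.sectors   # exclusive


def parse_mbr(mbr):
    """Return (list of non-empty Partition entries, signature_ok)."""
    if len(mbr) != SECTOR:
        raise ValueError("expected a %d-byte MBR image, got %d bytes" % (SECTOR, len(mbr)))
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, BOOTCODE_LEN + 16 * i)
        if ptype == 0 and lba == 0 and count == 0:
            continue                       # unused slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts, mbr[510:512] == SIGNATURE


def bootcode_sha256(mbr):
    """Hash of the boot code only, so partition-table differences do not change it."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def sanity_checks(parts, signature_ok, disk_sectors=None):
    """Human-readable findings; an empty list means the table looks ordinary."""
    findings = []
    if not signature_ok:
        findings.append("boot signature 0x55AA missing")
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append("%d active partitions (expected exactly 1)" % len(active))
    for p in parts:
        if p.lba_start == 0 or p.sectors == 0:
            findings.append("partition %d has a zero start or length" % p.index)
        if disk_sectors is not None and p.lba_end > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % p.index)
    by_start = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(by_start, by_start[1:]):
        if a.lba_end > b.lba_start:
            findings.append("partitions %d and %d overlap" % (a.index, b.index))
    return findings


def build_sample_mbr():
    """Constructed image: the usual x86 boot-code prologue (xor ax,ax / mov ss,ax /
    mov sp,7C00h) padded with zeros, an active 100 MB NTFS system partition and an
    NTFS data partition filling the rest of the disk."""
    bootcode = bytes.fromhex("33c08ed0bc007c") + bytes(BOOTCODE_LEN - 7)
    table = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    table += struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 206848, 976564224)
    table += bytes(16 * 2)
    return bootcode + table + SIGNATURE


def report(mbr, disk_sectors=None):
    """Text summary in the spirit of what aswMBR/MBRCheck print for the disk."""
    parts, ok = parse_mbr(mbr)
    lines = ["boot code sha256: " + bootcode_sha256(mbr),
             "signature: " + ("ok" if ok else "MISSING")]
    for p in parts:
        lines.append("  #%d %s type=%s start=%d sectors=%d" % (
            p.index, "*" if p.bootable else " ", p.type_name, p.lba_start, p.sectors))
    lines += ["  ! " + f for f in sanity_checks(parts, ok, disk_sectors)]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python mbr_check.py C:\Users\Tanith\Desktop\MBR.dat   (path from the aswMBR log)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print(report(data, DISK_SECTORS_FROM_LOG))
```

The boot-code hash is the useful output for the "unknown bootcode" case MBRCheck describes: compare it with the hash of an MBR saved from a clean installation of the same Windows version, since a partition table can be perfectly ordinary while the 446 bytes in front of it have been replaced.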

tanwilliams
2011-11-24, 19:03
Have attached!

Blade81
2011-11-24, 20:38
Hi again,


Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 Update 1 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the Download button to the right.
Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.



Post back its report & a fresh dds.txt log. Are there still issues left?

tanwilliams
2011-11-25, 01:49
Hiya, all updated now I think.
I did the scan and it found three threats:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application

Should I run the scan again this time deleting them?

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tanith at 23:35:12 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2351 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [Facebook Update] "C:\Users\Tanith\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{77FCBF1A-3BE4-4D96-9544-182ABCE6C2FA} : DhcpNameServer = 10.0.0.1 10.0.0.2 10.0.0.5
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\37C61646562627F6F6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\57E62656C69656671626C65602A6566666021212121212121212121212 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\6796379647F627E65647 : DhcpNameServer = 172.19.0.67 172.19.0.73
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\C496675626F687D224232383 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-6 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-6 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-23 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-2 705856]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 2152152]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-10-6 25072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-24 22:24:29 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-24 00:00:48 -------- d-----w- C:\$RECYCLE.BIN
2011-11-23 23:08:09 98816 ----a-w- C:\Windows\sed.exe
2011-11-23 23:08:09 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-23 23:08:09 256000 ----a-w- C:\Windows\PEV.exe
2011-11-23 23:08:09 208896 ----a-w- C:\Windows\MBR.exe
2011-11-23 23:06:58 -------- d-----w- C:\ComboFix
2011-11-23 13:52:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-23 13:52:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-23 13:12:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{DBC01FED-2B40-4434-8CD6-2859D48F023A}
2011-11-23 13:12:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{BFB2635E-0D37-473C-BB6E-27DFADF3F620}
2011-11-19 22:28:48 -------- d-----w- C:\Users\Tanith\AppData\Local\{9FB1F30F-7A5A-4D2C-A386-4912FBB42F23}
2011-11-19 22:28:09 -------- d-----w- C:\Users\Tanith\AppData\Local\{EA4D5175-B904-4FE7-8B0C-23BA09B63561}
2011-11-19 22:25:07 -------- d-----w- C:\Users\Tanith\AppData\Local\{0912ADC1-D1CE-4633-9B51-A2EDF9942229}
2011-11-19 03:01:03 -------- d-----w- C:\Users\Tanith\AppData\Local\{AD2503F0-DDFB-48B8-AB85-63465EB4677D}
2011-11-18 14:47:34 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-18 14:47:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-18 14:47:31 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-18 14:47:24 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 14:39:20 -------- d-----w- C:\Users\Tanith\AppData\Local\{B1A15B3F-0440-4B11-899F-FDE3DE89D843}
2011-11-18 14:38:43 -------- d-----w- C:\Users\Tanith\AppData\Local\{2EC0F061-FA0F-4BFC-A16A-0D4107531793}
2011-11-18 13:41:06 -------- d-----w- C:\ProgramData\PrevxCSI
2011-11-18 12:44:11 -------- d-----w- C:\Users\Tanith\AppData\Local\{E2D4F302-19D0-45A8-B879-3629C3D81305}
2011-11-18 12:43:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{5E071281-44EA-4ACF-B793-F40BFA46ADE6}
2011-11-17 10:30:39 -------- d-----w- C:\Users\Tanith\AppData\Roaming\Malwarebytes
2011-11-17 10:30:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 10:30:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 09:56:51 -------- d-----w- C:\Users\Tanith\AppData\Local\{BE910464-35AD-4C81-AA60-E7AA1567B35B}
2011-11-17 09:56:28 -------- d-----w- C:\Users\Tanith\AppData\Local\{5D284CA4-BC4F-4B71-8D92-A02586BC5D23}
2011-11-16 11:57:14 -------- d-----w- C:\Users\Tanith\AppData\Local\{33D92708-4B97-41C9-BB64-2D245C70F244}
2011-11-16 11:56:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{F07597DF-4592-444C-931C-D1676DA74ACA}
2011-11-15 03:23:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{0D0009C4-D6CA-4FCC-8B75-AD2DAF50672C}
2011-11-15 03:23:34 -------- d-----w- C:\Users\Tanith\AppData\Local\{4EECE56F-7387-47F0-B1A8-59D5E507AF17}
2011-11-14 12:02:58 -------- d-----w- C:\Users\Tanith\AppData\Local\{1A45BFC3-91E0-414E-9222-67F3857626A4}
2011-11-14 12:02:42 -------- d-----w- C:\Users\Tanith\AppData\Local\{A740FED3-4B25-4A6A-9BFE-83A8C3EA5298}
2011-11-14 11:43:33 -------- d-----w- C:\Users\Tanith\AppData\Local\{DFE21E41-4E81-4AFC-A908-D23D463C1913}
2011-11-12 17:38:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{18D19A18-62FB-43E0-ADE7-A62AE91856A7}
2011-11-12 12:21:24 -------- d-----w- C:\Users\Tanith\AppData\Local\{C8CC5C48-D4CC-4F8D-ADCF-6CF3497E93B3}
2011-11-12 12:20:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{C23CAE0B-87B2-4F61-A328-A1F7D9A6ACF8}
2011-11-11 10:46:02 -------- d-----w- C:\Users\Tanith\AppData\Local\{97C8D1E7-B66C-4F82-814C-3C6F94CE3B98}
2011-11-10 11:23:21 -------- d-----w- C:\Users\Tanith\AppData\Local\{9277D914-3828-4853-9F08-3CA675557268}
2011-11-10 11:22:56 -------- d-----w- C:\Users\Tanith\AppData\Local\{9AEF334F-92E4-414C-A89D-5E01375BC65D}
2011-11-09 23:18:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{A4DD0C41-8E81-4F47-8628-120373E35463}
2011-11-09 11:17:52 -------- d-----w- C:\Users\Tanith\AppData\Local\{63393B40-84DF-4F24-A206-BB5B7F02669F}
2011-11-08 11:22:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8B5E1CDC-AE87-4C74-B813-3FCA799FE02B}
2011-11-08 11:21:47 -------- d-----w- C:\Users\Tanith\AppData\Local\{2B1B5D26-A8E0-4DD7-98C5-048FF22B47AD}
2011-11-07 11:23:12 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-11-07 11:22:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{1F7F710F-DCDF-45E7-972D-E98904248B13}
2011-11-07 11:21:53 -------- d-----w- C:\Users\Tanith\AppData\Local\{839D1A7D-C6DC-42FB-A45C-D16A886691DB}
2011-11-06 18:02:46 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-11-06 18:02:39 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-11-06 18:02:38 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-11-06 18:02:06 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-11-06 18:01:52 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-11-06 18:01:47 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-11-06 18:01:04 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-11-06 18:01:04 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-11-06 18:01:04 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-11-06 18:01:04 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-11-06 18:01:04 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\McAfee.com
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-11-06 18:00:53 -------- d-----w- C:\Program Files\McAfee
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iTunes
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iPod
2011-11-06 17:32:54 -------- d-----w- C:\Program Files\Bonjour
2011-11-06 17:32:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-06 17:32:34 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-06 17:31:13 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-11-06 17:31:13 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-11-06 17:31:13 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-11-06 17:31:11 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-11-06 17:30:43 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-06 17:30:43 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-06 17:30:43 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-06 17:30:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-06 17:18:32 -------- d-----w- C:\Users\Tanith\AppData\Local\{73F0A4AB-86E8-40BA-BA09-09810BE12428}
2011-11-06 17:17:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8E1B952E-A161-4BBF-B090-0A4D2397E657}
2011-11-02 14:36:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{D9BB5074-4F05-439F-A9E6-9D2D62932828}
.
==================== Find3M ====================
.
2011-11-24 22:20:53 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 23:43:40.79 ===============
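
The DDS log above is long, and the first things a helper looks for in it (a browser or script host running when nothing is open, "No File" orphans among the BHO/toolbar entries, autostart items launched from user-writable folders) can be picked out mechanically. The following Python triage script is an added example written for this thread; it is not part of the DDS tool or of anything posted here. It parses the "Running Processes" and "Pseudo HJT Report" sections in the format shown above, and the sample log embedded in it is constructed to mimic that format (with a placeholder user name), not the poster's actual log.

```python
"""Triage helper for a DDS-style log (added example, not the DDS tool's code).

Parses the "Running Processes" and "Pseudo HJT Report" sections and flags:
  * browsers / script hosts present in the process list,
  * autostart entries whose target lives in a user-writable folder,
  * orphaned "- No File" BHO/toolbar entries.
These are prioritisation hints for a human reviewer, not verdicts: a cloud
client in AppData is normal, a lone iexplore.exe with nothing open is not.
"""
import ntpath
import re

# Constructed sample in DDS format; the user name and paths are placeholders.
SAMPLE_LOG = """\
.
============== Running Processes ===============
.
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Users\\Example\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe
C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
C:\\Windows\\SysWOW64\\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Facebook Update] "C:\\Users\\Example\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe" /c
mRun: [iTunesHelper] "C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe"
mRunOnce: [Launcher] C:\\Program Files (x86)\\Vendor\\Launcher.exe
.
============= SERVICES / DRIVERS ===============
.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
AUTORUN_RE = re.compile(r"^(?P<key>[um]Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder:\s*(?P<lnk>.+?)\s+-\s+(?P<target>.+)$")

BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe", "cmd.exe", "powershell.exe", "mshta.exe"}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_sections(text):
    """Split a DDS log into {section title: [content lines]}; '.' rows are separators."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def _program(line):
    """Executable path from a process or command line, quotes and arguments stripped."""
    m = re.match(r'(?i)^"?(.*?\.exe)"?', line)
    return m.group(1) if m else line


def _in_user_writable(path):
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def running_processes_of_interest(sections):
    """Browsers, script hosts and user-writable-path binaries in the process list."""
    found = {"browsers": [], "script_hosts": [], "user_writable": []}
    for line in sections.get("Running Processes", []):
        path = _program(line)
        name = ntpath.basename(path).lower()
        if name in BROWSERS:
            found["browsers"].append(path)
        if name in SCRIPT_HOSTS:
            found["script_hosts"].append(path)
        if _in_user_writable(path):
            found["user_writable"].append(path)
    return found


def autostart_entries(sections):
    """(key, name, target) for every uRun/mRun/mRunOnce/StartupFolder entry."""
    entries = []
    for line in sections.get("Pseudo HJT Report", []):
        m = AUTORUN_RE.match(line)
        if m:
            entries.append((m.group("key"), m.group("name"), _program(m.group("cmd"))))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(("StartupFolder", ntpath.basename(m.group("lnk")), _program(m.group("target"))))
    return entries


def autostarts_from_user_writable(sections):
    return [e for e in autostart_entries(sections) if _in_user_writable(e[2])]


def orphaned_entries(sections):
    """BHO/TB/URLSearchHook lines whose DLL no longer exists on disk."""
    return [l for l in sections.get("Pseudo HJT Report", []) if l.endswith("- No File")]


if __name__ == "__main__":
    s = parse_sections(SAMPLE_LOG)
    print("processes:", running_processes_of_interest(s))
    print("user-writable autostarts:", autostarts_from_user_writable(s))
    print("orphans:", orphaned_entries(s))
```

Run against a real DDS log (`parse_sections(open("dds.txt").read())`), the output is a short list to check by hand: a browser in the process list when the user reports nothing open, or a script host such as cscript.exe, is worth asking about, and "No File" orphans are leftovers that can be cleaned but are not by themselves evidence of infection.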

tanwilliams
2011-11-25, 01:55
Hi again, my system is still doing the same thing - occasionally redirecting my searches and funny things running in my task manager. I have attached a screen shot of what is going on in task manager with nothing open. IE seems to be using a lot of CPU (sometimes it is even more) and it isn't even open. I'm also worried about the things that have no description or user? Are they normal?

I have also uninstalled chrome and firefox as neither were working (crashing/sending task manager into overload).

Thank you so much for your help so far!

Blade81
2011-11-25, 18:31
Hi,

Please download mbrfix.exe from here (http://www.sysint.no/products/Download/tabid/536/language/nb-NO/Default.aspx).

Scroll down to locate mbrfix.exe and in the lower right corner of the tool info, you'll see the Download link. It's important that you save it directly to the C:\ drive and extract it to that same location.

Double click the mbrfix folder and drag the mbrfix64.exe out of that folder so its location is C:\mbrfix64.exe

Click start->in search box type cmd.exe, right click cmd.exe and select run as administrator.

If all went well you should have a black window with Administrator: Command Prompt title open.

At the prompt, type in the following and press Enter:

cd /d c:\

( Note - there is a space between cd and /d and another space between /d and c:\ )

You should now be at the C:\> prompt.

Type in the following and press Enter:

MbrFix64_/drive_0_savembr_MBRNormalmode

(Note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)

Next, type exit and press Enter.

--

Next, restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

At the prompt, type in the following and press Enter:

cd /d c:\

( Note - there is a space between cd and /d and another space between /d and c:\ )

You should now be at the C:\> prompt.

Type in the following and press Enter:

MbrFix64_/drive_0_savembr_MBRREmode

(Again, note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)

Next, type exit and press Enter and restart the machine.

Navigate to C:\MBRNormalmode file. Right click it to zip it up, and please attach it to your next post. Repeat with C:\MBRREmode file.

tanwilliams
2011-11-26, 18:34
Hi, I've tried to follow your steps, but after clicking repair your computer it says windows is loading files and then never finishes loading!

Don't know what to do next.

Blade81
2011-11-26, 23:19
Hi,

Do you have Windows 7 installation media available?

tanwilliams
2011-11-27, 15:35
No, I'm afraid not!

Blade81
2011-11-28, 08:44
Hi,

Let's see if we manage to circumvent the problem.

Try this please. You will need a USB drive and an empty CD.

Download GETxPUD.exe (http://noahdfear.net/downloads/GETxPUD.exe) to the desktop of your clean computer

Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert them in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter (be careful with the command, it has to be exactly as shown below):

dd if=/dev/sda of=mbr.bin bs=512 count=1


Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

tanwilliams
2011-11-30, 14:46
Okay, sounds good. Will attempt this evening!

tanwilliams
2011-11-30, 23:22
Hi.

I have attached the file. I hope it helps.

Thank you very much for your continuing help!

Blade81
2011-12-01, 10:01
Hi,

Please reboot back into xPUD. Enter the terminal and type the following command.
parted -l

Post back the output.

tanwilliams
2011-12-01, 20:19
Hi,

I have done what you asked. It didn't output a file, only information to the terminal, so I piped this into a txt file which I have attached. I hope that is what you were looking for.

Thanks
Tan

Blade81
2011-12-01, 20:43
Great. Again, reboot into xPUD and run the following command via terminal:
parted /dev/sda set 2 boot on

Reboot and see if those symptoms still exist.

tanwilliams
2011-12-01, 23:21
Hi ya

I followed your instructions in xPUD. The computer now will not boot windows. It gives us the option to either:
1. Start Windows normally (this doesnt work and tells us that windows can't be started)
2. Repair

We tried repair, which then asks us to either restore to a previous restore point, or to repair windows. We chose repair windows and it then told us windows couldn't be repaired, possibly due to a change in hardware or software.

Thanks
Tan

Blade81
2011-12-01, 23:32
Hi,

Please give another attempt for repair option.

tanwilliams
2011-12-02, 00:00
Hi,

I tried again and no change, sorry. I had a look at the diagnostic output, which said that

"Unspecified Changes to the system may have caused this problem"

It also gave an error code 0x490


Also when following your instructions in xPUD I get the following message

"Information: /etc/fstab may need updating"

I hope this helps

Tan

Blade81
2011-12-02, 00:09
Hi,

Are you able to reboot back into xPUD and get output of the following command again:
parted -l

tanwilliams
2011-12-04, 16:57
Hi

I've done that again and attached the output. Again the output is just the screen output (i.e. parted -l >> output.txt). Hope this is what you meant.

Thanks a lot!
Tan

Blade81
2011-12-04, 17:02
Hi,

Please try this command:
parted /dev/sda set 3 boot on

Let's see if we have better results on booting now.

tanwilliams
2011-12-04, 17:55
Hiya, have tried that and it now says BOOTMGR is missing. Ctrl alt del to restart.

Tan

Blade81
2011-12-04, 18:08
Hi,

Please use the following command in xPUD again:
parted /dev/sda set 2 boot on

Press F10 after powering up the machine, which should bring up an 'Edit Boot Options' screen.
If it shows either of the following:

[ /NOEXECUTE=OPTIN /MININT
[ /NOEXECUTE=OPTIN IN/MINT

hit backspace to remove them, leaving only the /noexecute=optin, then press Enter to continue and see if it starts normally.

tanwilliams
2011-12-04, 20:03
All loaded up windows fine! Internet explorer is now running only when it should do! Yay! I do have some processes running in task manager that do not have a user name or description. Rundll32.exe is like this and is running twice. Is this normal? I have no idea. Computer seems to be running fine which is amazing. I'm going to reinstall Firefox now and see if that works.


Thank you!!!!!!

Blade81
2011-12-04, 20:18
Good :)

Next, reboot into xPUD and give the following command there:
parted /dev/sda rm 4

Let me know how it goes with Firefox
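The mbr.bin dumped earlier with `dd if=/dev/sda of=mbr.bin bs=512 count=1` is just the first sector: 446 bytes of boot code, four 16-byte partition entries and the 0x55AA signature. The parted commands in this thread (`set 2 boot on`, `set 3 boot on`, `rm 4`) only change those 64 table bytes. The script below is an added example for this page, not a tool used or posted in the thread: it parses such a dump, runs the sanity checks a helper would want before choosing which entry gets the boot flag (no active entry, several active entries, an active flag on an unused slot, overlapping extents), and reproduces the parted edits on the raw bytes. The sample table is constructed for illustration.

```python
"""Parse and edit a raw 512-byte MBR such as the mbr.bin produced by
`dd if=/dev/sda of=mbr.bin bs=512 count=1`, reproducing the partition-table
changes the thread makes with parted ("set N boot on", "rm N").

Added example for this page; it is not a tool used or posted in the thread.
The sample MBR bytes are constructed for illustration."""
import struct

SECTOR = 512
PT_OFFSET = 446            # partition table: the 64 bytes before the signature
ENTRY_SIZE = 16
BOOT_SIG = b"\x55\xaa"     # a valid MBR ends with 0x55 0xAA
ACTIVE = 0x80              # status byte of the bootable ("active") entry


def parse_mbr(mbr: bytes) -> list:
    """Return the four partition-table entries as dicts (index is 1-based like parted)."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PT_OFFSET + i * ENTRY_SIZE
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + ENTRY_SIZE])
        entries.append({"index": i + 1, "status": status, "active": status == ACTIVE,
                        "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries


def audit(entries: list) -> list:
    """Checks worth running before deciding which entry should carry the boot flag."""
    findings = []
    active = [e for e in entries if e["active"]]
    if not active:
        findings.append("no entry carries the boot (active) flag")
    if len(active) > 1:
        findings.append("more than one entry is marked active")
    for e in entries:
        if e["status"] not in (0x00, ACTIVE):
            findings.append(f"entry {e['index']}: invalid status byte 0x{e['status']:02x}")
        if e["type"] == 0 and (e["lba_start"] or e["sectors"]):
            findings.append(f"entry {e['index']}: type 0 (unused) but has an extent")
        if e["active"] and e["type"] == 0:
            findings.append(f"entry {e['index']}: active flag on an unused slot")
    used = [e for e in entries if e["type"] != 0]
    for a in used:
        for b in used:
            if (a["index"] < b["index"]
                    and a["lba_start"] < b["lba_start"] + b["sectors"]
                    and b["lba_start"] < a["lba_start"] + a["sectors"]):
                findings.append(f"entries {a['index']} and {b['index']} overlap")
    return findings


def set_boot(mbr: bytes, n: int) -> bytes:
    """Like `parted /dev/sda set n boot on` on an msdos label: entry n becomes the
    single active entry, every other status byte is cleared."""
    buf = bytearray(mbr)
    for i in range(4):
        buf[PT_OFFSET + i * ENTRY_SIZE] = ACTIVE if i + 1 == n else 0x00
    return bytes(buf)


def remove_entry(mbr: bytes, n: int) -> bytes:
    """Like `parted /dev/sda rm n`: zero the 16-byte slot for entry n."""
    buf = bytearray(mbr)
    off = PT_OFFSET + (n - 1) * ENTRY_SIZE
    buf[off:off + ENTRY_SIZE] = bytes(ENTRY_SIZE)
    return bytes(buf)


def _entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields filled with the conventional 0xFE 0xFF 0xFF "use LBA" marker
    return struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                       lba_start, sectors)


def constructed_mbr() -> bytes:
    """Made-up table: OEM utility, 100 MB system partition, Windows, and a small
    fourth entry that (wrongly) holds the boot flag. Boot code area left as zeros."""
    table = (_entry(0x00, 0xDE, 63, 80262)
             + _entry(0x00, 0x07, 81920, 204800)
             + _entry(0x00, 0x07, 286720, 1_000_000)
             + _entry(ACTIVE, 0x07, 1_500_000, 2048))
    return bytes(PT_OFFSET) + table + BOOT_SIG


if __name__ == "__main__":
    import sys
    # Pass a real mbr.bin as the first argument; otherwise the constructed table is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_mbr()
    entries = parse_mbr(data)
    for e in entries:
        flag = "*" if e["active"] else " "
        print(f"{flag} {e['index']} type=0x{e['type']:02x} start={e['lba_start']} "
              f"sectors={e['sectors']}")
    for finding in audit(entries):
        print("!", finding)
```

Run it against the real dump with `python mbrcheck.py mbr.bin` (the file name is arbitrary). The table edits only touch the partition entries; the 446 bytes of boot code, which a bootkit would modify, are untouched by both this script and the parted commands, so compare that region against a known-good MBR separately.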

tanwilliams
2011-12-04, 21:04
Tried to load windows again and it failed, same two options, repair and load normally. Both of which didn't work.

Tan

Blade81
2011-12-04, 21:22
Hi,

Please run parted -l command in xPUD and post back output again.

tanwilliams
2011-12-06, 22:50
Hi

Here is the output again.

Thanks
Tan

Blade81
2011-12-07, 09:17
Press F10 after powering up the machine, which should bring up an 'Edit Boot Options' screen.
If it shows either of the following:

[ /NOEXECUTE=OPTIN /MININT
[ /NOEXECUTE=OPTIN IN/MINT

hit backspace to remove them, leaving only the /noexecute=optin, then press Enter to continue and see if it starts normally.

tanwilliams
2011-12-07, 23:25
Hiya,

Well, Windows appears to be running perfectly fine! I have re-downloaded firefox and have had no search redirections or any other problems. Internet explorer is no longer running in the background and computer runs fairly speedily.
My only concern is that rundll32.exe is running three times, (2 without username or description) in task manager. I have tried googling it and can't understand whether this is supposed to be there or not!

Apart from that everything seems to be back to normal!

Thank you so much for spending so much time helping me.

Tanith

Blade81
2011-12-08, 07:34
Hi,


My only concern is that rundll32.exe is running three times, (2 without username or description) in task manager.
Those are pretty likely ok if the system is running without issues (those with no username prolly get shown when you click "show processes from all users" in task manager).

Have you rebooted? Still running ok?

tanwilliams
2011-12-08, 12:47
I rebooted and it wouldn't turn on, but then when I pressed f10 and deleted the extra bit it worked fine again.

Any ideas?

Tan

Blade81
2011-12-08, 12:52
Hi,

We need to do some editing there and for that access to Windows recovery environment is needed.

Let's create a system repair disc. You'll need an empty cd for that.

1. Open Backup and Restore by clicking Start->Control Panel->System and Maintenance->Backup and Restore.

2. In the left pane, click Create a system repair disc, and then follow the steps. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Let me know when you have the disc created.

tanwilliams
2011-12-09, 00:47
Hiya,

I have created a system repair disc as prompted. My computer did a strange thing however, when I tried to eject the disc (the xPUD one) the shortcut on my keyboard wouldn't work and I had to go to my computer. When it then ejected it asked me to insert something into drive d and this wouldn't go away until I inserted the disc ready for system repair. Didn't seem to cause any problems but did seem a little strange.

Anyway have created the system repair disc and am ready to go!

Tan

Blade81
2011-12-09, 08:46
Hi,

Reboot the system with the created cd.
Set input layout and other settings and then click next.
Use "repair your computer" option and select your Windows installation on the following screen.
Select Command prompt on choose a recovery tool screen.
Type the following commands there (let me know if any of them fails and error message):

bcdedit /export C:\BCD_Backup
c:
cd boot
attrib bcd -s -h -r
ren c:\boot\bcd bcd.old
bootrec /RebuildBcd

When done type exit to close command prompt. See if system boots ok now.

tanwilliams
2011-12-11, 20:48
Hi, have been away but will do that tomorrow,

Thank you

Blade81
2011-12-11, 23:17
Ok, thanks for the heads up.

tanwilliams
2011-12-13, 20:20
Hi,

Cd boot said that the directory didn't exist,

The next two actions said that the file BCD doesn't exist.

The first and last commands said that they ran correctly.

I tried restarting the computer but no difference I'm afraid. Thanks for your help.

Tan

Blade81
2011-12-13, 22:17
Hi,

Please type these commands in command prompt in the Windows recovery cd:
cd /d c:\
dir

See if Windows directory is listed there. If not type these commands to see if the directory is listed this time:
cd /d d:\
dir

tanwilliams
2011-12-16, 12:58
Hiya,

It found the windows directory in C.

Should I repeat what you asked me to do before?

Tan

Blade81
2011-12-16, 17:56
Hi,

Try bootrec /RebuildBcd command in recovery environment's C: drive.

tanwilliams
2011-12-17, 12:27
Hi,

doing bootrec /RebuildBcd returns

"Successfully scanned windows installations.
Total identified windows installations: 0
The operation completed successfully."

Thanks
Tan

Blade81
2011-12-17, 12:37
Hi,

When you run dir command in recovery environment in c: drive does it list these folders:
-Users
-ComboFix

If not then c: drive in RE is not likely the c: drive in normal mode. You need to find what drive in RE has those above listed folders and run bootrec /RebuildBcd there.

tanwilliams
2011-12-19, 13:48
Both of those folders are in c. Running bootrec /rebuildbcd says the same as last time.

Tan

Blade81
2011-12-20, 08:26
Hi,

Please download a fresh copy of TDSSKiller and run it:

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

tanwilliams
2011-12-20, 14:24
Hi,

Here is the log file.

Thanks
Tan

Blade81
2011-12-20, 15:45
Hi,

Reboot back into xPUD, select File and navigate to mnt>sda2>Boot right click BCD file there and select copy now navigate to your usb memory stick (likely mnt>sdb1) right-click empty space there and select paste to copy BCD file to the stick.

Reboot back into Windows and archive copied BCD file to a zip file. Then navigate here (http://noahdfear.net/max/upload.php) and follow instructions to upload the zipped BCD. Let me know when that's done.

tanwilliams
2011-12-22, 17:33
Hi,

I have submitted the folder to the site you told me to.

Thanks
Tan

Blade81
2011-12-23, 07:35
Hi,

Press F10 at the bootup and delete the extra bit like earlier to access normal mode.

Click start->type cmd and right click "cmd.exe" item on the list select run as administrator. Then copy-paste following two commands one by one in the command prompt window:

bcdedit /deletevalue {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9} custom:26000022

bcdedit /set {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9} bootems Yes

Both commands should return Operation succeeded message. If so, reboot the system and see if you're able to enter normal mode without any modifications this time.
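The `/MININT` switch that kept appearing on the Edit Boot Options screen is the loader's WinPE-mode element; bcdedit names it `winpe`, and its raw element type is 0x26000022, which is the `custom:26000022` value the command above deletes (that identification is the editor's; the thread does not name it). The script below is an added example for this page, not code from the thread: it parses `bcdedit /enum` output, compares the Windows Boot Loader object against the elements a stock Windows 7 entry carries, and prints the `bcdedit /deletevalue` commands for anything else. The sample output is constructed; only the loader identifier is the one quoted in the thread. Legitimate additions such as the `bootems` the helper sets would also be reported, so treat the findings as a review list rather than a verdict.

```python
"""Audit the 'Windows Boot Loader' object from `bcdedit /enum` output and emit
the bcdedit commands that remove loader elements a stock Windows 7 entry should
not carry.  Added example for this page, not code from the thread.  The bcdedit
output is constructed (only the loader identifier is the one quoted in the
thread).  0x26000022 is the OS-loader 'winpe' boolean, the element behind the
/MININT switch seen on the Edit Boot Options screen (editor's identification)."""
import re

# Elements bcdedit prints for an unmodified Windows 7 loader object.
EXPECTED_LOADER_ELEMENTS = {
    "identifier", "device", "path", "description", "locale", "inherit",
    "recoverysequence", "recoveryenabled", "osdevice", "systemroot",
    "resumeobject", "nx",
}
WINPE_ELEMENTS = {"winpe", "custom:26000022"}   # same element, named and raw form


def parse_bcdedit(text: str) -> list:
    """Split bcdedit output into objects: [{'type': header, 'elements': {name: value}}]."""
    objects, current = [], None
    for line in text.splitlines():
        if not line.strip():
            current = None                # blank line ends an object
            continue
        if re.fullmatch(r"-+", line.strip()):
            continue                      # underline below a section header
        m = re.match(r"^(\S+)\s{2,}(.+)$", line)
        if m and current is not None:
            current["elements"][m.group(1)] = m.group(2).strip()
        elif not m:                       # e.g. "Windows Boot Loader"
            current = {"type": line.strip(), "elements": {}}
            objects.append(current)
    return objects


def loader_objects(objects: list) -> list:
    return [o for o in objects if o["type"] == "Windows Boot Loader"]


def audit_loader(obj: dict) -> list:
    """Return (element, reason) pairs for elements worth a second look."""
    findings = []
    for name in obj["elements"]:
        if name in EXPECTED_LOADER_ELEMENTS:
            continue
        if name in WINPE_ELEMENTS:
            findings.append((name, "WinPE mode (/MININT) on a normal boot entry"))
        elif name.startswith("custom:"):
            findings.append((name, "element bcdedit has no name for; look up 0x" + name[7:]))
        else:
            findings.append((name, "not part of a stock Windows 7 loader entry"))
    return findings


def remediation(obj: dict) -> list:
    """bcdedit commands (elevated prompt) that drop each flagged element."""
    ident = obj["elements"]["identifier"]
    return [f"bcdedit /deletevalue {ident} {name}" for name, _ in audit_loader(obj)]


# Constructed sample of `bcdedit /enum` on a tampered system; the loader GUID is
# the one quoted in the thread, everything else is made up.
SAMPLE_BCDEDIT_OUTPUT = r"""Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
displayorder            {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
timeout                 30

Windows Boot Loader
-------------------
identifier              {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
nx                      OptIn
custom:26000022         Yes
"""

if __name__ == "__main__":
    import sys
    # Pipe real output in with `bcdedit /enum | python bcdaudit.py`; the sample is used otherwise.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_BCDEDIT_OUTPUT
    for ldr in loader_objects(parse_bcdedit(text)):
        for name, reason in audit_loader(ldr):
            print(f"{ldr['elements'].get('description', '?')}: {name}: {reason}")
        for cmd in remediation(ldr):
            print(cmd)
```

Section headers and element names are as bcdedit prints them on an English system; on a localized Windows the header strings differ and the `loader_objects` filter needs adjusting. Take the `bcdedit /export` backup first, as the helper did, so the store can be restored with `bcdedit /import` if a deletion was wrong.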

tanwilliams
2011-12-24, 19:00
Hi,

That worked! The computer loaded without any changes/deletions!

Thanks a lot and happy christmas!!

Tan

Blade81
2011-12-24, 19:32
Great to hear that helped! Let's see the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.


Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free) from Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Happy Holidays,
Blade :santa:
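The Internet Explorer zone settings listed above live in the registry as DWORD values under the Internet zone key (zone 3), one value per action, where 0 is Enable, 1 is Prompt and 3 is Disable. The script below is an added example for this page, not something from the thread: it compares the current values against the recommended ones and writes a .reg file for whatever is weaker. The action IDs are Microsoft's documented zone-action values (KB182569); the "current" settings in the demo are constructed, and the live read only works on Windows.

```python
"""Check the Internet zone (zone 3) against the hardening list above and build a
.reg file for whatever is weaker than recommended.  Added example for this page,
not from the thread.  Action IDs are Microsoft's documented zone-action values
(KB182569); the CONSTRUCTED_CURRENT settings are made up for the demo."""
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\Zones\3")
ENABLE, PROMPT, DISABLE = 0, 1, 3            # DWORD values IE stores per action
STRENGTH = {ENABLE: 0, PROMPT: 1, DISABLE: 2}  # ordering used to decide "weaker"

RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def audit_zone(current: dict) -> list:
    """current maps action id -> DWORD.  Returns (id, label, have, wanted) for each
    action that is absent, weaker than recommended, or set to an unknown value."""
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        have = current.get(action)
        if have is None or STRENGTH.get(have, -1) < STRENGTH[wanted]:
            findings.append((action, label, have, wanted))
    return findings


def reg_file(findings: list) -> str:
    """A .reg file (CRLF line endings, as regedit expects) applying the wanted values."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    lines += [f'"{action}"=dword:{wanted:08x}' for action, _label, _have, wanted in findings]
    return "\r\n".join(lines) + "\r\n"


def read_live_zone() -> dict:
    """Read the live values for the current user (Windows only; absent values are omitted)."""
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY.split("\\", 1)[1]) as key:
        for action in RECOMMENDED:
            try:
                out[action] = winreg.QueryValueEx(key, action)[0]
            except FileNotFoundError:
                pass
    return out


# Constructed demo state: three actions too permissive, 1607 deliberately absent.
CONSTRUCTED_CURRENT = {"1001": ENABLE, "1004": ENABLE, "1201": DISABLE,
                       "1800": PROMPT, "1804": ENABLE}

if __name__ == "__main__":
    import sys
    current = read_live_zone() if sys.platform == "win32" else CONSTRUCTED_CURRENT
    found = audit_zone(current)
    for action, label, have, wanted in found:
        print(f"{action} {label}: current={have} wanted={wanted}")
    if found:
        sys.stdout.write(reg_file(found))
```

Save the printed block as a .reg file and import it with regedit, or keep using the Custom Level dialog as described above; either way the values land in the same key, and re-running the script afterwards should report nothing.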

tanwilliams
2011-12-24, 21:50
Happy holidays!

We will follow these steps in the next few days.


Thank you so much for all your help, you have been amazing.

Tan

Blade81
2011-12-25, 14:40
:bigthumb:

Blade81
2012-01-09, 11:10
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.